Mobile devices have become a huge part of enterprise IT. As it becomes increasingly important and employees are using mobile devices more and more for work, it becomes more important to take mobile security seriously. All IT teams take network security and on-site security seriously, but often don’t invest enough time in securing mobile devices and teaching employees about what vulnerabilities may be presented or how they can avoid them.
Here are 7 Steps to Secure Mobile Computing
1. Authenticate the User
This is the first step you should take when it comes to mobile security as it’s the easiest way for anyone to access the phone and it’s the easiest way to secure it. Other than securing it, you should make sure that the employee can actually access the phone. There are many different ways you can authenticate a mobile user. The two main ways are a strong password or biometric authentication – this includes retina scans, facial recognition and finger print scanning. Users enjoy authentication because it makes it easy for them to access their mobile information. They don’t want too much conflict when attempting to access their files, however the authentication will create conflict for unauthenticated individuals making it less likely that they will try to work their way around the authentication.
2. Update the Operating System
Cyber attackers feed on out-of-date operating systems. This is true for mobile devices and on-site servers, desktop, laptops, etc. As web-facing enterprise apps rise, operating system updates effecting functionality becomes less likely. All mobile operating systems have a regular updates and security patches that are sent out to be downloaded on a schedule by the vendor responsible for that operating system. These updates should be automatically applied, but the IT team should be searching for information on each update and making sure not to apply an update that would break in their application infrastructure. IT and security teams should be cautious about major updates because often it takes a few days or weeks for any bugs or issues to become apparent. Experts suggest waiting until the first point update to fully upgrade to the new operating system so that these bugs will not impact your information or work done on an enterprise mobile device.
3. Be Mindful of Where You Are
A distinguishing characteristic of mobile devices is that you can take it anywhere and have a lot of your work on it. This means that it can be taken to places considered to be “hostile environments” for sensitive enterprise data. Most mobile device users think that their mobile devices are safer than laptops or other smaller devices, but mobile devices often automatically connect to the closest Wi-Fi that they can, leaving that device vulnerable to whatever or whoever is on that connection as well. Security teams should explain why Wi-Fi is less secure and how mobile device users can protect their data. They should also advise turning off Wi-Fi and Bluetooth when they do not know what Wi-Fi they might encounter as they travel.
4. Use a VPN
A good way to protect data from unsecure networks is to encrypt it during motion. This encryption requires a virtual private network (VPN) between both ends. Mobile device users don’t think they need a VPN because they think cell data networks are safe and trustworthy. It’s true that it’s harder to pull your data and information from cellular data versus a Wi-Fi network, but it can still be done. Mobile devices spend a great amount of time on Wi-Fi and places other than the office. These two characteristics together would require a VPN to fully secure the valuable information these mobile devices contain. IT teams should educate employees to not just install the VPN, but to always use the VPN.
5. Enable Mobile Wipe
Devices carried by employees can be lost or stolen. This means that data on those devices will be lost or accessed. Even thought systems might be in place limiting sensitive data on mobile devices, authentication data and other login information are likely attached to the device. This is why you need to be able to remotely wipe the data from the device. Both iOS and Android devices have the option for remote wipe, and this should always be enabled on enterprise devices.
6. Use Anti-Malware
Many people don’t think that mobile devices are as vulnerable to malware in the same way as laptops, desktops, servers and more. However, malware and vulnerabilities are very real for mobile devices. Anti-malware systems exist for both iOS and Android systems Security practices indicate that anti-malware software should be on mobile devices that are attached to enterprise networks and data. Anti-malware protection is important because it not only protects mobile devices and other larger devices, but it will protect the larger enterprise network from being compromised. If a mobile device becomes infected, it can become a point of entry for cyber criminals to access the enterprise network and attack larger sets of data.
7. Back Up Mobile Devices
Since mobile devices are more accessible and employees will be conducting business on them, there is likely critical data left or kept on these devices. And an employee’s productivity will depend on the device being set up with the right information and applications, meaning that a backup of apps and data is important to secure data and productivity. Device backup is a feature of every mobile operating system and it has to be enabled before it’s effective. Device backup should be made a requirement for enterprise-connected mobile devices. Backups make it possible to recover from malware issues and even device loss. You can remotely wipe a device and reupload the same information on a new one, making it less painful when affected by malware or any unprotected device.
There are endless ways to better secure your enterprise mobile device, but these are the first seven steps you should take. IT teams within the organization can set these up by using mobile device management companies and their applications. ATS partners with many vendors that offer MDM – we can help find the best fit for your company!